<?php
require_once("../../config.inc.php");
require_once("../_inc/mix.func.php");
require_once("../_inc/html/funzHTML.php");
require_once("../_inc/mbUser.class.php");
require_once("../_inc/sdao/StructuredDataAccessObject.php");

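// Error code to show under the form: taken from the request, or produced by a
// log-in attempt when a user id was submitted.
$errMsg = sxREQ('errMsg');
if (sxREQ('uid') != '') {
	// checkLogin() redirects and exits on success, so it only returns on failure.
	$errMsg = checkLogin();
}

// Error code => translated, user-facing message.
$aErrMsg = array(
	"0001" => _t("User unknown or wrong password"),
	"0002" => _t("Wrong password or user unknown"),
	"0003" => _t("DB error"),
	"0004" => _t("Invalid char in user code"),
	"0005" => _t("Invalid password"),
	"0006" => _t("Invalid char in user code"),
	"0007" => _t("Wrong password or user unknown"),
	"0008" => _t("User disabled for all Data Areas"),
	"1000" => _t("Data access error"),
	"9000" => _t("Undefined system parameters"),
	"9996" => _t("Log-out executed in other window"),
	"9997" => _t("Missing sub-session"),
	"9998" => _t("Expired session"),
	"9999" => _t("Log-out executed")
);

if ($errMsg != '') {
	// NOTE(review): sxREQ() is defined elsewhere; if it can hand back an array
	// (errMsg[]=...), only a scalar is usable as a lookup key.
	$errCode = is_scalar($errMsg) ? (string)$errMsg : '';
	if ($errCode !== '' && isset($aErrMsg[$errCode])) {
		$errMsg = $aErrMsg[$errCode];
	} else {
		// An unrecognised code is whatever the client sent, and $errMsg is later
		// printed into the page as-is: HTML-encode it here so it cannot inject
		// markup or script (reflected XSS).
		$errMsg = "Unknown error (" . htmlspecialchars($errCode, ENT_QUOTES, 'UTF-8') . ")";
	}
}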
?>
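<?php
/*
 * Log-in form. Everything printed below that originates from the request
 * ($_SERVER['PHP_SELF'], the Host header, request fields) is HTML-encoded at
 * the point of output; the submitted password is never written back.
 */
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="expires" content= "Mon, 1 Jan 2000 00:00:00 GMT" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="content-language" content="en" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" href="../_img/icoPolaris.ico" type="image/x-icon" />
<title>POLARIS - MB Admin - log-in</title>
<link rel="stylesheet" href="stileMB.css.php" type="text/css">
</head>
<body style="//background-image:url('../_img/bckgrnd01.jpg');">
<div style='margin:auto;width:150px;padding-top:150px;'>
<?php /* PHP_SELF includes any client-supplied path info, so it is encoded before it goes into the attribute. */ ?>
<form name="oFrm" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')?>" method="POST">
<table cellpadding="3" cellspacing="2" width='100%' border='0'>
<tr>
<td class='header1' style='background-color:#ffff00;padding:10px;'>
	<img src="../_img/logoPolaris.png" style='border:0;' align='left'/>
</td>
</tr>
<tr>
<td class='text01' style='background-color:#f0f0f0;'>
	<table width='100%'>
		<tr>
			<td class="labl01" align='right' width='40%'>User : </td>
			<td class="text01" align='center'  width='60%' colspan="2">
<?php /* NOTE(review): assumes sxRHE() returns the request value HTML-encoded for attribute context - confirm in mix.func.php. */ ?>
				<input class="inpt01" type="text" style='width:90%;' name="uid" id="uid" value="<?=sxRHE('uid')?>">
			</td>
		</tr>
		<tr>
			<td class="labl01" align='right'>Password : </td>
			<td class="text01" align='center' colspan="2">
<?php /* The submitted password is deliberately not echoed back: it would otherwise sit in the page source and any cached copy. */ ?>
				<input class="inpt01" type="password" style='width:90%;' name="pwd" id="pwd" value="">
			</td>
		</tr>
		<tr>
			<td colspan="2" valign='middle' width='60%'>version <?php
		// Print the deployed version file when present, otherwise the host name.
		if (file_exists(SERVER_FS_ROOT."/version")) {
			readfile(SERVER_FS_ROOT."/version");
		} else {
			// The Host header is client-supplied: encode it before printing.
			echo htmlspecialchars(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '', ENT_QUOTES, 'UTF-8');
		}
		?>
			</td>
			<td align="right" style='padding:10px 10px 10px 10px;' width='40%'>
				<a class="link01" href="#" onClick="document.oFrm.submit();" style='padding:2px 10px 2px 10px;'>log-in</a>
			</td>
		</tr>
		<tr>
			<td class="mess01" align='center' colspan="3"  style='background-color:#f0f0f0;'>
<?php /* $errMsg is printed raw, so it must already be HTML-safe when it reaches this line. */ ?>
				<?=$errMsg?>
			</td>
		</tr>
	</table>
</td></tr>
</table>
</form>
</div>
</body>
</HTML>
<?php
// Full open tag: with short_open_tag disabled a bare "<?" would not be parsed,
// and the function source that follows would be sent to the browser as text.
// Stop here so nothing after the page markup is executed or emitted.
exit();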

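/**
 * Authenticate the submitted credentials and open a new POLARIS sub-session.
 *
 * On success the user object is stored in the PHP session under the first free
 * 'polarismbN' key, a row is inserted into the `session` table, the event is
 * logged, the browser is redirected to the data-area list and the script exits,
 * so this function returns only when the log-in failed.
 *
 * NOTE(review): credentials are read from $_REQUEST, so a password passed in the
 * query string is accepted too (and may end up in server logs); the form itself
 * posts. Consider restricting to $_POST once no caller relies on GET.
 *
 * @return mixed error code: '0003' when the data access object cannot be
 *               created, otherwise the errno set by mbUser::login()
 */
function checkLogin() {
	global $objSDAO, $aMetaConPar;
	if (!isset($objSDAO)) {
		// NOTE(review): `new` never evaluates to false, so this branch only matters
		// if SDAO signals a failed connection some other way - confirm how it does.
		if (!$objSDAO = new SDAO($aMetaConPar)) {
			return '0003';
		}
	}

	// Request fields may be missing or arrays (uid[]=...); hand login() strings only.
	$sUid = (isset($_REQUEST["uid"]) && is_string($_REQUEST["uid"])) ? $_REQUEST["uid"] : '';
	$sPwd = (isset($_REQUEST["pwd"]) && is_string($_REQUEST["pwd"])) ? $_REQUEST["pwd"] : '';

	$oUser = new mbUser();
	$oUser->login($sUid, $sPwd);
	if ($oUser->error == "") {
		session_start();
		// First free sub-session slot: several log-ins can share one PHP session.
		$k = 1;
		while (isset($_SESSION['polarismb'.$k])) {
			$k++;
		}
		if ($k === 1) {
			// No authenticated sub-session exists yet, so the session id the client
			// presented must not survive the log-in (session fixation). When other
			// sub-sessions exist the id is kept, presumably because their `session`
			// rows reference it - NOTE(review): that case is still not regenerated.
			session_regenerate_id(true);
		}
		define('USEROBJ', 'polarismb'.$k);
		define('XSN', "$k.1");
		$_SESSION[USEROBJ] = $oUser;

		// -- create new session record
		// 32 hex chars as before, but taken from the CSPRNG where available instead
		// of md5(uniqid(rand())), which is guessable from time and a weak PRNG.
		$oUser->uniqid = function_exists('random_bytes')
			? bin2hex(random_bytes(16))
			: md5(uniqid(rand(), true));
		// microtime() gives "0.uuuuuuuu ssssssssss"; keep ".uuuuuu" as the fraction.
		list($usec, $sec) = explode(" ", microtime());
		$tsNow = date('Y-m-d H:i:s', (int)$sec).substr($usec, 1, 7);
		$oUser->pageSequence = 1;
		// The statement is built by concatenation: the user id is forced to an
		// integer, the other values are generated above. NOTE(review): session_id()
		// originates from the client's cookie - if SDAO offers bound parameters or
		// an escaping helper, use it for this value.
		$sSQL = "INSERT INTO session " .
				"(uniqid, time_in, id_user, session_id, sub_session, time_last, log_out) " .
				"VALUES('".$oUser->uniqid."', TIMESTAMP('$tsNow'), ".(int)$oUser->id.", '".session_id()."',".XSN.",TIMESTAMP('$tsNow'),'N')";
		// NOTE(review): the result is not checked, so a failed insert still logs the
		// user in without a session record.
		$bRC = $objSDAO->query($sSQL, "insSess");

		logRecord(100, "Log in ".$oUser->user.' - '.$oUser->name.' '.$oUser->surname);
		serverRedir("../data/area/dataAreaList.php?xsn=".XSN);
		exit();
	}
	// NOTE(review): the logged user name is presumably the client-supplied uid;
	// confirm logRecord() neutralises control characters.
	logRecord(120, "Log in denied for ".$oUser->user);
	return $oUser->errno;
}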
